Solved: MACsec vs IPsec/GRE

Jeff Horton · ‎06-23-2020

Does the MACsec sufficiently encrypt data (multicast, .etc) on the Cisco 9000 series switch so that I don't have to worry about deploying GRE/IPsec?

Thoughts?

Reza Sharifi · ‎06-23-2020

GRE/IPsec is usually used for connecting multiple sites together over the Internet (WAN connection). On the other hand, MACsec is for host to switch encryption or between switches. So, two different functions.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-6/configuration_guide/sec/b_166_sec_9300_cg/macsec_encryption.html

HTH

View solution in original post

Reza Sharifi · ‎06-23-2020

GRE/IPsec is usually used for connecting multiple sites together over the Internet (WAN connection). On the other hand, MACsec is for host to switch encryption or between switches. So, two different functions.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-6/configuration_guide/sec/b_166_sec_9300_cg/macsec_encryption.html

HTH

Jeff Horton · ‎06-23-2020

So if I read correctly what you are saying, then MACsec would be good for the switch to switch connection and no need for GRE/IPsec?

Reza Sharifi · ‎06-23-2020

So if I read correctly what you are saying, then MACsec would be good for the switch to switch connection and no need for GRE/IPsec?

That is correct.

HTH